IP Address: 82.157.142.44 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 82.157.142.44
Domain | -
ISP | Tencent Cloud Computing (Beijing) Co.
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-06
Last seen in Akamai Guardicore Segmentation | 2022-04-23
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/apache2 started listening on ports: 1234, 8087 and 8182 |
Listening |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 11 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 11 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 11 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 attempted to access suspicious domains: as9105.com |
Access Suspicious Domain, Outgoing Connection |
Connection was closed due to timeout |
|